/vault_scanner

Scanner for pentesters

Primary LanguagePythonMIT LicenseMIT

VAULT Scanner

Codacy Badge GitHub Join the chat at https://gitter.im/vault_scanner/kwoc Python

Vault Scanner can be used for:

  • Scan a website for the following: - XSS - LFI - RFI - SQLi

  • Common header erros: - Clickjacking - jQuery - Insecure cookie flags - Session fixation through a cookie injection - Spoofing Agents - Brute force login through authorization header - Testing HTTP methods - Insecure headers

  • Collecting data: - Port scanning - Header grabbing - Banner grabbing - Finding comments in source code - Smartwhois scan - Check if error handling is done or not and extract the site data using that information. - OS scanning.

  • SSL scanner.

  • Crawl a website and collect all the URLs.

  • Scrape a website and collect all the images.

  • URL fuzzing.

  • Shellshock checking.

Getting Started

Steps to setup :

  1. git clone <your-fork-url>
  2. cd vault_scanner
  3. sudo apt-get install python3-pip
  4. sudo pip3 install virtualenv
  5. virtualenv venv
  6. source venv/bin/activate
  7. pip3 install -r requirements.txt

Starting Vault :

  1. cd vault_scanner/src
  2. python3 vault.py

Usage

usage: vault.py [-h] [-u URL] [-p] [-sp] [-ep] [-ssl] [-info] [-comment]
                [-fuzz]

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  URL for scanning
  -p, --port         Port for scanning
  -sp, --start_port  Start port for scanning
  -ep, --end_port    End port for scanning
  -ssl               perform SSL scan
  -info              Gather information
  -comment           Finding comments
  -fuzz              Fuzzing URL

Example Usage :

python3 vault.py -u 'http://url' -info -comment -ssl -fuzz